System and method of malware sample collection on mobile networks

摘要

A collection agent monitors a mobile network for data samples containing executable code. The collection agent accepts executables and forwards them to a sample collection center for further analysis, reporting, or in some instances initiating one or more mitigating actions. Depending on the network protocol being monitored, the collection agent responds to connection attempts from nearby mobile devices.

主权项

1. A collection agent network device, comprising:
a first network interface communicatively coupled to a mobile network comprising a plurality of mobile devices, wherein the first network interface is operably adapted for intercepting a network data sample destined for one of the mobile devices of the plurality of mobile devices of the mobile network before the network data sample arrives at the one of the mobile devices, wherein the collection agent network device is separate from the one of the mobile devices; a protocol handler processing unit operably adapted to receive the network data sample from the first network interface, determine whether the network data sample includes executable code that is executable by the one of the mobile devices, and to extract the executable code from the network data sample when the network data sample is determined to include the executable code; and a second network interface operably adapted for receiving the executable code from the protocol handler processing unit and for sending the executable code to a sample collection center when the protocol handler processing unit determines that the network data sample includes executable code that is executable by the one of the mobile devices, wherein the sample collection center is separate from the collection agent network device and the plurality of mobile devices of the mobile network.